secure_download 0.0.8

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 4c6a188788a46f008577bd2bb956b43fc766be04
+  data.tar.gz: ae20082e46986feb2783d9cac94b88bfd5dbb120
+SHA512:
+  metadata.gz: c66e73029aea9f4118c4065c7081bff77f7a97fe2e4e9084bd1c2cb40cb73c86ec60188867c004a4348079b774502675d6f5546107a4d5040accca9cd50c82b8
+  data.tar.gz: 10004807afd39d38e0cbcf87416bcf8453b7d04fdd02ada4c5f8d106cc9c81c6b79f08f030505286e1813714a3633c9c07f0748aa4672293639c0da249a93ea9

data/LICENSE

@@ -0,0 +1,20 @@
+The MIT License (MIT)
+
+Copyright (c) 2013 Stackle
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,32 @@
+secure_download
+===============
+
+CarrierWave secure download url with CanCan for restrict permission
+
+# Configuration
+add following method to config/routes.rb
+
+    secure_download_map
+
+default path is /secure_download but if you want to change path, use 
+
+    secure_download_map :path => "your_path"
+
+then change store_dir in your carrierwave uploader class to other path
+outside of public dir
+
+Next, if you mount uploader in User model with this line
+
+    mount_uploader :file, FileUploader
+
+and you want any user to be able to download this file then,
+add this rule to CanCan in ability.rb with format download_*.
+
+    can :download_file, User
+
+Where `file` is mount name and User is a model that mount the `file`.
+You can add more specific permission, see more at https://github.com/ryanb/cancan/wiki/Defining-Abilities
+
+# Usage
+Normally, you use `user.file.url`, when this gem was added, use `user.file.secure_url` instead.
+If you don't want user to be forced to download, use `user.file.secure_url(true)`

data/Rakefile

@@ -0,0 +1,38 @@
+#!/usr/bin/env rake
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+begin
+  require 'rdoc/task'
+rescue LoadError
+  require 'rdoc/rdoc'
+  require 'rake/rdoctask'
+  RDoc::Task = Rake::RDocTask
+end
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'SecureDownload'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+
+
+
+Bundler::GemHelper.install_tasks
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+
+task :default => :test

data/app/controllers/download_controller.rb

@@ -0,0 +1,30 @@
+class SecureDownload::DownloadController < ActionController::Base
+  def download
+    model = params[:model]
+    field = params[:field]
+    id = params[:id]
+
+    begin
+      cls = model.constantize
+      obj = cls.find(id.to_i)
+      upload_field = obj.send(field.to_sym) || not_found
+    rescue NameError, ActiveRecord::RecordNotFound, NoMethodError
+      not_found
+    end
+    
+    do_ability = "download_#{field}".to_sym
+    disposition = params.include?(:view) ? 'inline': 'attachment'
+    return send_file(absolute_file_path(upload_field), x_sendfile: true, disposition: disposition) if can? do_ability, obj
+
+    not_found
+  end
+
+  private
+    def absolute_file_path(carrierwave_obj)
+      carrierwave_obj.current_path
+    end
+
+    def not_found
+      raise ActionController::RoutingError.new('Not Found')
+    end
+end

data/lib/secure_download.rb

@@ -0,0 +1,21 @@
+# require 'active_support/core_ext/object/blank'
+# require 'active_support/core_ext/class/attribute'
+# require 'active_support/concern'
+
+module SecureDownload
+end
+
+if defined?(Rails)
+  module SecureDownload
+    class Railtie < Rails::Railtie
+      # initializer "secure_download.active_record" do
+      ActiveSupport.on_load :action_controller do
+        require 'secure_download/routes'
+        require_relative '../app/controllers/download_controller'
+        ActiveSupport.on_load :after_initialize do
+          require 'secure_download/carrierwave_extends'
+        end
+      end
+    end
+  end
+end

data/lib/secure_download/carrierwave_extends.rb

@@ -0,0 +1,34 @@
+require 'carrierwave/uploader'
+require 'carrierwave/mount'
+
+module CarrierWave
+  module Uploader
+    class Base
+      include ActionView::Helpers
+      include ActionDispatch::Routing
+      include Rails.application.routes.url_helpers
+    end
+  end
+
+  module Mount
+    class Mounter
+      alias_method :old_uploader, :uploader
+
+      def uploader
+        old_uploader
+        @uploader.instance_eval <<-RUBY, __FILE__, __LINE__+1
+          def secure_url(view=false)
+            hash = {:controller => 'secure_download/download', 
+              :action => 'download', 
+              :model => model.class.name, 
+              :field => '#{column}', 
+              :id => model.id }
+            hash[:view] = view if view
+            url_for hash
+          end
+        RUBY
+        return @uploader
+      end
+    end
+  end
+end

data/lib/secure_download/routes.rb

@@ -0,0 +1,8 @@
+module ActionDispatch::Routing
+  class Mapper
+    def secure_download_map(options={})
+      options = {:path => 'secure_download'}.merge(options)
+      get "#{options[:path]}/:model/:field/:id" => 'secure_download/download#download', :as => 'secure_download'
+    end
+  end
+end

data/lib/secure_download/version.rb

@@ -0,0 +1,3 @@
+module SecureDownload
+  VERSION = "0.0.8"
+end

metadata

@@ -0,0 +1,107 @@
+--- !ruby/object:Gem::Specification
+name: secure_download
+version: !ruby/object:Gem::Version
+  version: 0.0.8
+platform: ruby
+authors:
+- Tanapol Nearunchorn
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-04-06 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.2'
+- !ruby/object:Gem::Dependency
+  name: cancan
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+- !ruby/object:Gem::Dependency
+  name: carrierwave
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.2'
+description: Secure download for CarrierWave with CanCan
+email: tanapo.sh@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- Rakefile
+- app/controllers/download_controller.rb
+- lib/secure_download.rb
+- lib/secure_download/carrierwave_extends.rb
+- lib/secure_download/routes.rb
+- lib/secure_download/version.rb
+homepage: http://rubygems.org/gems/secure_download
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: Secure download for CarrierWave with CanCan
+test_files: []